Hi all,

We have a problem updating (via U-Boot) our RTOS using a FIT image that comes from a USB key.

The scenario is: we encrypt our application, with our RTOS linked to it, and put it in a signed FIT image. Then we put it on a USB key and insert it into our board. At startup, U-Boot checks for the presence of an update file (a .fit), checks the signature and, if this is OK, decrypts it using the same symmetric key (just for 'transport').

Now the problem is that we need to re-encrypt the update with another key (a running key, present on the machine) and put this encrypted file in an existing (or recalculated) FIT, used to 'run' the application, and re-signed (we can, for example, use the same signature that we have in the previous version of the application).

So, our question is: is it possible to update a node of an existing FIT image directly from U-Boot? Or is this way of operating not correct for an update of a trusted and verified boot sequence using FIT?

We use an Atmel SAMA5D27 CPU.

Any help is really appreciated.

Many thanks.

Regards, Valerio


_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
